Wireless Access

Contributor II

Or devices can no longer Autenticate

Hi All


Not sure what happened but all of a sudden none of our devices are able to authenticate with our radius controlled SSID.

The NPS srver is running fine the Aruba 7210 is running fine I ahve not gotten any errors reports.

We Have 4 SSID.


one is Captured portal Guest. That works fine.

second is PSK Guest for internal user mobil devices. That works fine

Third is a very long and complicated PSK for our internal network which is used for our hand scanners. That works fine.

The forth and last is a Radius Authenticted Domain joined network nothing can authenticate for this now.

We use 802.1x machine and user authentications for the third network using AD groups for the authenticated users and Domain Computers group for the devices.

This way only domain joined devices and authenticted users on our domain cn connect to the network.


This was working fine but then I recently realised when i went to do a restart of the NPS server that there were no devices connected to this network. At first since a lot of the users that normally wirlessly connect to this network were away I figured there as nobody using it.

After the restart I noticed that  still no devices coudl connect to this network.


Any ideas on what could cause this?



Guru Elite

Re: Or devices can no longer Autenticate

You should check the event logs on the NPS server.

Also, on the controller, run “show log security 50”. Please post that output.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: Or devices can no longer Autenticate

Hey thanks for the response.


The only error I coudl find on the nps is this error

"A Radius messsage was received from the invalid Radius client ip address ""

The IP it was pointing to is for one of our servers which does not even have wireless not sure why that error came up.


As for the second one for some reason I can't rember the enable password I tried every password we would have used but none are accepted.

I just tried to go through the reset admin password process but get hit with access denied when I enter the forgetme! password.


Any ideas on how to reset the enable password?






Contributor II

Re: Or devices can no longer Autenticate

I was going to use the controller wizard again but even tho I haven't changed anything but the enable password it keeps telling me that the 0/0/0 uplink port has changed and requires a reboot.

I can go ahead with this but not sure if it is going to stuff up our configurations.

Everything looks correct just dont want to bring it all down as we had a contractor com in and do our original configuration.


Contributor II

Re: Or devices can no longer Autenticate

Hi Here are the logs evntually I was able to get the enable password to work again.






Let me know if this helps.






Super Contributor II

Re: Or devices can no longer Autenticate

Check that the controller is configured as a NAS on the NPS server, as it looks like its receiving requests from a device (the controller) that it doesnt know about.

Guru Elite

Re: Or devices can no longer Autenticate

You have to see in the evenviewer in NPS why it is rejecting that user.  If you had the wrong nas-ip, the radius server would just not respond and the controller would say that the server timed out.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Contributor II

Re: Or devices can no longer Autenticate

Hy guys thanks for the replies.


Going through all of the logs on the server, the controller and the client trying to connect.


These are the below errors that seem to realte to the failed connection.


ON the Client.


I am getting event 36888 "The following fatal alert was generated: 45. The internal error state is 552.


Event 36881 "The certificat received from teh remote server has either expird or is not yet valid. The SSL connection request has failed. The attached data contains the server crtificate.


The NPS server is giving me a warning tell me he Certificate for local system wih Thumbprint "" is about to expire or already expired.


I looks like the certificate on the nps server has expired although I am not sure.

It should not have expired aleady.


Hope that helps.






Re: Or devices can no longer Autenticate

If you want to check if the certificate expired

You can see that information though the NPS console here:

You can check the expiration date there.





I know its on spanish but its on network policies, and on constrains tab i think its in english.




Product Manager - Aruba Networks
Alternetworks Corp
Contributor II

Re: Or devices can no longer Authenticate

Yeap I checked it and the certificate had expired on the 24/08/2014 so I am just waiting for our head office to renew it for me.



Search Airheads
Showing results for 
Search instead for 
Did you mean: